Patent infringement can be a dicey affair, with parties arguing over whether intellectual property infringement occurred.
Such is the case in a dispute dating back more than a year between HP's SPI Dynamic's security division and security vendor Cenzic. Cenzic said in a statement Monday that it had reached an agreement with HP that will result in the two vendors cross-licensing each other's patents.
A Cenzic spokesperson declined to comment, and HP, which acquired SPI Dynamics in June, did not immediately respond to requests for comment.
The SPI patent is "an automated Web security analysis system and process identifies security vulnerabilities in a target Internet Web site by parsing through the target Web site to search for a predetermined list of common security vulnerabilities," according to the patent abstract.
Cenzic then filed its own patent-infringement case against SPI Dynamics in Virginia Eastern District Court on July 27. Cenzic alleged that SPI Dynamics infringed on U.S. patent number 7,185,232, which it filed for in February of 2002.
Cenzic's patent is "a method of testing a target in a network by fault injection, includes: defining a transaction baseline; modifying at least one of an order and a structure of the transaction baseline to obtain a modified transaction with malformed grammar; and transmitting the modified transaction to a target," according to the patent abstract.
The dispute revolves around processes related to technologies that are critical to security researchers seeking vulnerabilities. Both Cenzic and SPI Dynamics produce software that helps security researchers find errors and vulnerabilities in their applications and environments.
A number of security researchers complained about the Cenzic patent. Chris Eng, Veracode's director of security services, alleged in a blog post that Cenzic's timing in suing over the patent was somewhat circumspect.